Verifiable Credentials Working Group Telco — Minutes

Date: 2023-02-08

See also the Agenda and the IRC Log

Attendees

Present: Phillip Long, Brent Zundel, Chris Abernethy, Shigeya Suzuki, David Chadwick, Dave Longley, Michael Prorock, Joe Andrieu, Ted Thibodeau Jr., Will Abramson, Gabe Cohen, Orie Steele, Manu Sporny, Kerri Lemoie, David Lehn, Mahmoud Alkhraishi, Steve McCown, Kevin Dean, Juan Caballero, Charles Lehner, Shawn Butterfield, Dmitri Zagidulin

Regrets:

Guests:

Chair: Brent Zundel

Scribe(s): Will Abramson

Content:

• 1. F2F Meeting.
• 2. CEPC Conversation.
• 3. Work Item status updates/PRs.
  • 3.1. Add issue to zkp section (pr vc-data-model#1026)
  • 3.2. change ZKP section (pr vc-data-model#1030)
  • 3.3. Add section about bitstring encoding. (pr vc-status-list-2021#45)
  • 3.4. Ensure that statusListCredential can be dereferenced. (pr vc-status-list-2021#46)
  • 3.5. Add validity/caching period to status list credentials. (pr vc-status-list-2021#53)
  • 3.6. Revised Test vectors text (pr vc-di-eddsa#24)
  • 3.7. Add version 2 (pr vc-jwt#44)
• 4. Issue processing.
  • 4.1. Enable CBOR Representation(s) of Verifiable Credentials (issue vc-data-model#985)
  • 4.2. Define “prover” in addition to “holder”. (issue vc-data-model#902)
  • 4.3. Determine interoperable way for Holder to make claims directly in VPs (issue vc-data-model#860)
  • 4.4. ACDC (Authentic Chained Data Containers) in VC DM 2.0 (issue vc-data-model#895)

Brent Zundel: agenda - f2f meeting, code of ethics, work item status & prs, open issues.

Manu Sporny: is the slide deck available?.

Brent Zundel: yes, slide deck for f2f is available.
… links will be sent out to group.
… any introductions.

1. F2F Meeting.

Brent Zundel: space for 16 ppl but 18 attendees. Room might be tight.
… catering for 15 currently.
… meeting 9-5 from 14th to 16th of Feb.
… afternoon on 15th we have a boat cruise planned. Cost is 30 dollars.
… lunches sponsored thanks to mesur.io.
… and Q’s?.

2. CEPC Conversation.

brenz: reminder of code of ethics. Chairs have received several complaints recently.
… need to make extra effort to be kind. Give folks the benefit of the doubt..
… happy to take questions.

3. Work Item status updates/PRs.

Manu Sporny: issue #987 awaiting broader discussion.
… issue #1014 turned into lengthy discussion with some disagreement.

Orie Steele: Indeed we will cover it during the F2F..

Manu Sporny: expected to deal with at f2f.

3.1. Add issue to zkp section (pr vc-data-model#1026)

See github pull request vc-data-model#1026.

Manu Sporny: might remove zkp section.
… also have new P.R that changes the zkp section.
… need to decide how we are going to proces these.
… thoughts?.

Brent Zundel: #1030 incorporates and slightly changes the wording of #1026.

3.2. change ZKP section (pr vc-data-model#1030)

See github pull request vc-data-model#1030.

Brent Zundel: should be straightforward to adjust further or get rid of the section.

Manu Sporny: orie suggests process in order. Doing that.
… processing #1026, #1028 then need review on #1030.

3.3. Add section about bitstring encoding. (pr vc-status-list-2021#45)

See github pull request vc-status-list-2021#45.

Manu Sporny: vc status list has 3 PRs.
… good discussion about bitstring encoding.
… no one way to encode bitstrings.
… need to specify how to do this in space.
… going to ask if dwight is objecting.
… implementers need to know to check implementations.

3.4. Ensure that statusListCredential can be dereferenced. (pr vc-status-list-2021#46)

See github pull request vc-status-list-2021#46.

Manu Sporny: about if status list can be dereferenced.
… some objections.
… status list can live on any url, so not sure if we should get specific about http.

3.5. Add validity/caching period to status list credentials. (pr vc-status-list-2021#53)

See github pull request vc-status-list-2021#53.

Manu Sporny: ted asking for editorial changes.
… looks like it is going to go in soon.

3.6. Revised Test vectors text (pr vc-di-eddsa#24)

See github pull request vc-di-eddsa#24.

Manu Sporny: moving on to edwards curve suite.
… p.r. to update test vectors.
… good job, but not a working group member.
… doesn’t look like any ipr issues. needs to be cleared for IP.
… thats it.

3.7. Add version 2 (pr vc-jwt#44)

See github pull request vc-jwt#44.

Orie Steele: One open p.r. for vc jwt.
… build on previous discussions around media type.
… some off topic conversations moved to other issues.
… expect to spend time at f2f discussing this.

Brent Zundel: any other updates about work items.

4. Issue processing.

Brent Zundel: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss+sort%3Aupdated-asc.

Brent Zundel: move on to issue processing.
… skipping #988 as holder discussion queued for f2f.

4.1. Enable CBOR Representation(s) of Verifiable Credentials (issue vc-data-model#985)

See github issue vc-data-model#985.

Brent Zundel: enable cbor representations of VCs.
… suggest we should aim for CBOR representation for data model.

Orie Steele: has been proposal for cbor in P.R #1000.
… conversations around content type property in cose and jose. I will add some links.
… looking forward to discuss at f2f.

Manu Sporny: already cbor representations for VCs. Not standardised. Have cbor-ld that will take jsonld VCs and compress.
… not standardised.
… has been used in various pilot programs.
… going into prod.
… strongly suggest we don’t pick this up at the moment. Have enough on our plate.
… could provide impl guidlines for cbor.
… instead of creating a new work item.

Brent Zundel: any other comments.

4.2. Define “prover” in addition to “holder”. (issue vc-data-model#902)

See github issue vc-data-model#902.

Brent Zundel: define prover in addition to holder. What to folks think?.
… not sure if we are at a point of agreement on next steps.

Orie Steele: issue describes itself. Main problem is association with holder binding.
… become inactionable due to this.
… original intention was to describe that holder undirected. Might want to make it clear the direction.
… suggest entire data model blocked by holder binding conversation.
… don’t have def with requirements at presentation layer that is useful.
… hopefully untangle at f2f.

Manu Sporny: orie took shot at high level definitions, longley added some suggestions. Sparked massive discussions.
… could be that we don’t need yet another role or term in ecosystem.

David Chadwick: I think we need two new terms. Get rid of holder all together.
… two new terms issuee and presenter/prover.
… those roles never change.
… holder always changes because vcs passed between holders.

Juan Caballero: +1.

David Chadwick: holder does not participate in anything particularly.

Phillip Long: +1 to David C’s statement about holders as indeterminate, not having a defined actionable role..

Juan Caballero: good point phil– yes, +1 to that :D.

Brent Zundel: thanks for convo. moving on.

4.3. Determine interoperable way for Holder to make claims directly in VPs (issue vc-data-model#860)

See github issue vc-data-model#860.

Brent Zundel: determine interoperable way to make claims directly in VPs.
… joe raised issue.

Joe Andrieu: not much convo back and forth. Last time there was some pushback on call.
… tension is do we want to reuse the VC and require a second sig.
… or is there a way to use a property in the VP and let signer put some assertions in there.
… manu and dave thought VC approach better.

Manu Sporny: concern is that we have primitive already. That is the VC.

Dave Longley: +1 to reusing the primitive we have already and using composition.

Manu Sporny: can we compose it. VC allows us to say anything about anyone.
… Additional VC could contain any of the additional contents that an additional property might contain.
… is true that it would be an additional thing to be issued and signed.
… suggested property will eventually become a VC. Why not just use a vc.

Joe Andrieu: separate VC need a way to bind to a VP.
… a way to say that this VC is specifically about a VP when it is presented.
… semantics should be part of a VP added when VP is created.

Brent Zundel: how terrible would it be to have property in VP. But specify that the value of that property would be a VC.

Dave Longley: +1 to what brent said being an option, was having the same thought.

Brent Zundel: so property in VP would be in form of a VC.

Manu Sporny: its a good though. I had similar. It is a way of doing this. Still thinking about it.
… raises Q of why we need an additional property in VP to do that.
… if the VC is in the VP then it is already bound to VP. Its all bound together.
… Key thing is lets reuse primitives we already have.
… Just need to address the binding concern.

Michael Prorock: Going the same direction as brent. Feels like a vocab problem.
… handling this in supply chain traceability. Extended the type on VC to TraceableVC..
… this enables linking of VCs together.
… if the vocab and data models give us ability to define these things for use cases. Lets do that for those use cases.
… not reinvent the wheel.

Orie Steele: DIF also extends the RDF type for “VerifiablePresentation”… https://identity.foundation/presentation-exchange/#presentation-submission—verifiable-presentation-2.

Manu Sporny: +1 to mprorock, we need to have a specific use case someone is building out for to apply this to.

Michael Prorock: The tools we need exist.

Joe Andrieu: I like idea of property whose values are credentials. Push back on making the VCs.
… want to avoid the need for multiple vcs.
… if we have multiple VCs in a presentation. Which VC defines the semantics of the presentation.
… trying to figure out and standardise that.

Michael Prorock: the presentation type does that, not the credentials in it.

Joe Andrieu: semantics of VP are about why is this thing being presented and by whom.

Orie Steele: VP has only 2 requirements… context and type..

Brent Zundel: don’t have normatively defined way to sign and secure a VP..
… Might this be a way to bind a VP to the presenter.

Orie Steele: https://w3c.github.io/vc-data-model/#presentations-0 see the requirements..

Manu Sporny: https://w3c-ccg.github.io/vp-request-spec/#did-authentication.

Manu Sporny: data integrity work covers embedded proofs for presentations.
… also a VP request spec that talks to this.
… concern is that some people would think we are now defining protocols. Growth of scope.

Michael Prorock: +1 manu.

Manu Sporny: hard to talk about presentations without going into protocols.

Orie Steele: OIDC has ways of doing this as well, perhaps someone can cite those items for the minutes as well?.

Manu Sporny: agree with mprorock. For us to say this is applicable and useful need to see use cases in the field and then standardise from that.
… find commonalities instead of generalise too early.

Michael Prorock: I agree with manu.

Orie Steele: For the minutes: https://openid.net/specs/openid-4-verifiable-presentations-1_0.html.

Michael Prorock: when you start to get into practicalities, start going into protocols..
… many of this issues we are correcting and improving in vc data model spec are down to how we thought something would/does work in the wild.
… against adding additional complexity, rather that seeing what happens in implementations.

Joe Andrieu: frustrated to deference to implementations.
… we have use cases in the use case document that have requirements from start.

Michael Prorock: then define a vocab.

Joe Andrieu: The semantics of what the presentations means is the gap.
… we have use cases that we haven’t been able to address currently because of this.
… Need to define semantics of a VP.

Orie Steele: joe is getting at 2 possible world views.
… 1 - purely the responsiblity of the data model. Almost what we have today. Clear that protocols will extend using @context and type to support there use cases.
… Because it landed like this in 1.1. people are deferring to protocol.
… also concerned about getting into protocols in this WG.
… Feel protocols are adding many more requirements to VPs.
… concerned about VPs in there current form in the spec.

Michael Prorock: agree, there are things we need to improve about VPs in spec. Not sure this is one of them.
… Deal with gov and regulatory folks. They are relatively happy with it the way it is.
… worried about getting pulled off on tangents.

David Chadwick: I support JoeAndrieu’s view.
… This is about holder or presenter telling the verifier about the contents of the VP and how they should handle them.

Michael Prorock: “type”.

David Chadwick: likely something about holder binding too. Proof of possession.
… Think we do need to broaden the data model for VPs in a standard way.
… if do it for your own applications then you are doing it in a non standard way.

Kerri Lemoie: Part of the confusion with VPs in the ecosystems that VPs are used for things other than presenting VCs.

Mahmoud Alkhraishi: Have similar problem with the issuer field.
… Not very clear to me who gets to define the values in the issuer field and what it looks like.
… don’t want to derail this convo, but tangentially related.
… suggest extend VP the same way as the traceability vocab.

Manu Sporny: agree with mkhraisha.
… would help me to understand concretely what the solns look like.
… we have extensibility model. Nothing to stop anyone creating an extension to solve use cases that JoeAndrieu is talking about.
… suggest we should do this to create something concrete we can look art.

Orie Steele: RDF is the extensibility model for Verifiable Presentations… context and type… that is it..

Orie Steele: We’ve seen several use cases of vocabularies doing this today..

Juan Caballero: (not too much less ambitious).

4.4. ACDC (Authentic Chained Data Containers) in VC DM 2.0 (issue vc-data-model#895)

See github issue vc-data-model#895.

Brent Zundel: have a couple more minutes.
… going to spend this talking about ACDC.
… glief recently joined w3c and intends to join this WG.
… hopes to push for way to secure VCs using ACDC.
… should talk about that possibility.

Manu Sporny: +1 for a concrete proposal on how ACDC secures the VC Data Model.

Brent Zundel: my perspective is we need a way for the current 1.1 VCDM to be secured using ACDC without requiring significant changes to the data model.
… Have an idea how it could work, but not necessarily the best way.

Orie Steele: Been making progress together on this.
… looking at media types and the requirements associated with a media type.
… have one currently registered.

Brent Zundel: +1 I think media type have a lot of promise for clarifying these issues.

Orie Steele: this might seem complicated but actually rel simple.
… I have prepared slides for f2f to go over media types.
… a media type is what we say a credential is..
… It describes the requirements of a credential - for this working group.

Michael Prorock: would love to see concrete proposal.
… WG still struggling how to properly support the existing standards for signing data.
… stuff has been out and in broad usage for a long time. Well established standards.
… welcome a proposal, but also want to see it turn into a properly incubated spec elsewhere.

Brent Zundel: +1 Mike.

Michael Prorock: loathe to add more to our plate in this WH.
… WG.
… have plenty to be working on already in this WG.

Orie Steele: I’m not in favor of the working group picking up more work, given the current progress and challenges..

Joe Andrieu: agree with mprorock. Lot of approaches want to fit in with the VC work.
… concrete proposal welcome.
… not this working groups job to figure out how to support this work.

Michael Prorock: +1 Joe.

Orie Steele: +1 Joe.

Dave Longley: +1 Joe.

Manu Sporny: +1 Joe and mprorock.

Shigeya Suzuki: +1 Joe Mike.

Joe Andrieu: open to tweaking the data model, but need concrete proposal.

Brent Zundel: agree currently don’t have capacity.
… thanks all. See you in miami for those who can join.
… will be able to participate remotely too for those who can’t.